(57) Abstract

A computer system (100) that uses a random access memory (102) or equivalent memory to store operating system data and "persistent"
data (112), i.e., any data stored in the random access memory (102) that is designated to be retained after a system reset, includes a recovery
boot system that implements a method for recovering the persistent data after a system reset that necessitates re-initialization of the
random access memory (102) with operating system data. The recovery boot system allocates the random access memory (102) during
re-initialization such that new memory allocations do not conflict with persistent data (102) allocations made prior to the system reset.
After fundamental operating system data are initialized, the persistent data (112) are recovered. Thereafter, the remainder of the data to be
re-initialized can be stored in any available location in the random access memory (102).
RECOVERY BOOT PROCESS
Gregg B. Kellogg 

CROSS-REFERENCE TO MICROFICHE APPENDIX

Appendix A, which is a part of the present
disclosure, is a microfiche appendix consisting of
3 sheets of microfiche having a total of 154 frames.
Microfiche Appendix A is a computer program listing of
boot code for use in one embodiment of this invention,
which is described more completely below.
Appendix B, which is a part of the present
disclosure, is a microfiche appendix consisting of 1 sheet

lLTT° £ i C ^ h * ViWg 8 t0tal ° f Microfiche 
Appendix B is a ROM valid listing defining the data
structure of a ROM according to one embodiment of this
invention, which is described more completely below.

A portion of the disclosure of this patent document
contains material which is subject to copyright
protection. The copyright owner has no objection to the
facsimile reproduction by anyone of the patent document or
the patent disclosure, as it appears in the Patent and
Trademark Office patent files or records, but otherwise
reserves all copyright rights whatsoever.

BACKGROUND OF THE INVENTION
1. Field of the Invention
23 a mem™" ^^^^ rel ^es-.to a computer system including 

such 17, B reSettin9 the «-^t«r system 

such that pre-existing persistent data stored withL tho 

r P ?f r^" 4 iS — *W »Y the system r^. 
2. Related Art

50 corner COmPUte T SyStenS ' vari ^ ^ents can cause the 
computer operating system to "crash," disabling the
computer system. An operating system crash is initiated 

tZ*™T Vhen ^ certain operating ' 

system data is compromised. Operating system data can be 
I fttA^nft 1 \ ~^*>a



5 12^. 'IPto-P^rticl. interaction with DRAM 

ana ™ 1 To7. SySt '" CrM1> iS — * «1« 

"PwCing of an error by the r%^^^< 

"freezing up „ of the co^puX Systran T ' " * 

operations can be executed Z "° 
10 the routed on the computer system, mien 

reset a^d ^ CraSheS ' ~ «* 

initialized to a state at which user operation of the 
computer system can begin again. 

The system reset may be either a hardware reset or a
software reset, as known to those skilled in the art.
After a hardware reset, all of the computer system
hardware is re-initialized. After a software reset, only
the primary memory device, e.g., a random access memory (RAM)

20 \ ^ thC system data is re- 

vLu ^ Vi1 * initial nonzero, dat^ 

values. Herein, "pri^ fflejnory device „ 

--ory device from which the computer system 
^coprocessor generally works during operation of «, 

unit 21*4- ^ a dis,c 4rive or a tape 

«t.r both the hardware and software resets thl 

crash thT" 9 OB . th ° "" Ure ° f * he «P—tl»i syste, 

r te„ reseJ. ^-^^^JSLniS^ 8 

typically initiated by turnino re eets are 

«-» on a,ai„, 0 ser-L" at.I so^tLT*" °" 

puter system, or one or more keys on the keyboard. 
«-« in «,e ae Stru ::Lr:r:n™": t r o \r s " ot

because user ^ ata * This is 

» — «y devi" ' IT E '° red °" ~ OT »™ ~ 

z «evaces, such as a disk driv«* 

fro, the primary menory devic * *^ e ' m 

system is stored Thai ^ 

"wrea. Thus, even though user data 
typically initially stored on the LZ 

if the user data k Primary memory device, 

« —ndary *J£ - the 

initiation frequently the case, 

device can aleo be — «T 

sytte» data at an tiM= " 1 <>«. -along with operating 
—ice is re ^ irea an<| ^ "oh^T ^ — r* . 

^aet typically causes all user dTT ^ ! 3 RyStC,B 

operating system data is re-i^ ! ^ ^ ^ 
memory device m !• inl «al"ed on the primary 

Primary memory ^JT."^ *" • 

30 initialisation^ all of tl * reSCt ' P?i ~ to «" 

Placed on a "free i ist » T ! ^ ioca <*°- are 

stored at any a : a ; iab r T** 1 " ™ is 

™«s, the opera JL \ Pri * ary * B *° Ty 

, uie operating system data may be stnro , . 

memory location that previo,,^ in a P rin >ary 
Thus, it is desirable to provide, in a computer
system including only a primary memory device, a system
and method for re-initializing the operating system on the
primary memory device after a system reset, such that user
data existing prior to the system reset is preserved after
the system reset.

SUMMARY OF THE INVENTION

In a computer system that uses a random access memory
or equivalent memory to store operating system data and
persistent data, i.e., any data stored in the memory that
is designated to be retained after a system reset, a
recovery boot system according to the invention implements
a method for recovering the persistent data after a system
reset that necessitates re-initialization of operating
system data into the memory such that persistent data as well as
other data stored within the memory is not destroyed by
the system reset. The recovery boot system according to
the invention allocates memory during re-initialization of
the operating system data into the memory such that new
memory allocations do not conflict with persistent data
allocations made prior to the system reset, and stores
data such that the data is not stored in
locations that contain persistent data.

In the recovery boot system according to the
operatiT' all ° Cati ° ns «• — 

operating system data is stored in the memory to allow the
operating system kernel and hardware interface code to
begin running. Memory allocations are made to recover
persistent data. Each allocated memory location is marked
to indicate that the memory location is no longer

IZ^l ? ^ St ° re data ' ° Sing ° nly the — -ing. 

Each instance of data stored in the memory is
associated with a virtual memory address used by a
processor (also part of the computer system) to identify
the physical memory address of the data and access the
physical memory location of the data in the memory. Data
required for translating the virtual memory addresses of
both operating system data and persistent data to physical
memory addresses are retained, in one embodiment, through
the system reset.

After the system reset, the retained translation data
are used to map the virtual memory addresses of
fundamental operating system data to physical memory
addresses. Consequently, after the system reset,
fundamental operating system data is stored in the same
physical memory locations in the memory as before the
system reset. Thus, re-initialization of the fundamental
operating system data in the memory does not destroy any
of the persistent data stored in the memory.

After memory allocation for the fundamental operating
system data, i.e., recovery of the fundamental operating
system data, the persistent data is recovered. During
normal operation of the computer system, the virtual
memory addresses of some data stored in the memory are
tagged to indicate that the data is persistent data. A
list of tagged virtual memory addresses is stored starting
at a physical memory address corresponding to a virtual
memory address that is fixed for the operating system.
After system reset, this virtual memory address, which can
be "known" by the processor immediately after the system
reset or "discovered" by the processor during recovery of
the fundamental operating system data, is used to access
the list of tagged virtual memory addresses. The tagged
virtual memory addresses are used to allocate the
corresponding physical memory locations in the memory so
that other data cannot thereafter be stored in those
memory locations during the recovery boot process.
Subsequently, the recovery boot process can be
completed using any physical memory locations that have
not previously been allocated. Since only physical memory
locations are used that have not been allocated during the
recovery of the fundamental operating system data and the
persistent data, persistent data is not destroyed by the
remainder of the recovery boot process.

An advantage of the system and method according to
the invention is that persistent data can be recovered
after a system reset without unduly constraining the usage
of memory. For example, it is not necessary, as is the
case of other systems, to specify a region of memory for
storage of the file system. Unlike other systems in which
a pre-defined area is set aside for file system storage,
i.e., a region in memory of fixed size is allocated only
for the file system, in the recovery boot system and
method according to the invention, the exact locations and
sizes of all portions of the file system are determined at
boot time. Thus, memory fragmentation, i.e., memory space
allocated for a specific type of data that remains unused
by data of that type, does not occur with the recovery
boot system and method of the invention. Consequently,
the recovery boot system and method according to the
invention allow a more dynamic allocation of memory
between file system data and run time data. Such
flexibility is particularly useful for computer systems
that include an operating system with complex file system
structures that require a large area of memory for run
time data storage, since more memory is made available for
those run time data structures.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a block diagram illustrating a computer
system according to the invention.

Figure 2A is a block diagram of a recovery boot
process according to an embodiment of the invention.

Figure 2B is a block diagram of a recovery boot
process according to another embodiment of the invention.

Figure 3A is a schematic representation of mapping of
a virtual memory address to a physical memory location
using paged segmentation according to one embodiment of
the invention.

Figure 3B is a schematic representation of mapping of
a virtual memory address to a physical memory location
using non-paged segmentation according to another
embodiment of the invention.

Figure 4A is a diagram of the data structure of a ROM
for use with the invention.

Figure 4B is a diagram of a ROM item defined within
the ROM of Figure 4A.

Figure 4C is a diagram of an Elf file defined within
the ROM item of Figure 4B.

Figure 5A is a block diagram of the fundamental
operating system data initialization step of Figure 2A
according to an embodiment of the invention.

Figure 5B is a block diagram of the fundamental
operating system data initialization step of Figure 2A
according to another embodiment of the invention.

Figure 6 is a block diagram of the persistent region
recovery step of Figure 2A according to an embodiment of
the invention.

Figure 7A is a block diagram of the system free list
initialization step of Figure 2A according to an
embodiment of the invention.

Figure 7B is a block diagram of the system free list
initialization step of Figure 2B according to an
embodiment of the invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

According to the principles of the invention, a
computer system that uses a random access memory or
equivalent memory to store operating system data and
persistent data (defined below) includes a recovery boot
system that implements a method for recovering the
persistent data after a system reset that necessitates
re-initialization of operating system data into the memory.
Specifically, the recovery boot system according to the
invention allocates memory during re-initialization of the
operating system data into the memory such that new memory
allocations do not conflict with persistent data
allocations made prior to the system reset.

Herein, "persistent data" is any data stored in the
memory that is designated to be retained after a system
reset. Persistent data typically includes data that is
generated during use of the computer system that would
take a significant amount of effort on the part of a user
of the computer system to recreate, or that probably
cannot be exactly recreated by the user. In one
embodiment, persistent data includes, for instance, the
file system data created and continuously updated during
use of the computer system. The file system data
includes, for example, data generated by a user such as

20 It * TIT* USing 3 ^ Pr0ces5in * ^Plication program 
or a database created using a database application
program.

Each instance of data stored in the memory is
associated with a virtual memory address used by a
processor (also part of the computer system) to identify
and access the physical memory location of the data in the
memory. Data required for translating the virtual memory
addresses of both operating system data and persistent
data to physical memory addresses are retained through the
system reset. After the system reset, the retained
translation data are used to map the virtual memory
addresses of fundamental operating system data to physical
memory addresses. The fundamental operating system data
is data that is sufficient to allow operation of the
kernel and code that interfaces the operating system to
the computer system hardware. Consequently, after the system
reset, the fundamental operating system data is stored in
physical memory addresses corresponding to the
-ore o^rrr 1 10C " lOTS — to 



After memory allocation for the fundamental operating
system data, i.e., recovery of the fundamental operating
system data, the persistent data is recovered. During normal
operation of the computer system, the virtual memory
addresses of some data stored in the memory are tagged to
indicate that the data is persistent data. A list of tagged
virtual memory addresses is stored starting at a physical
memory address corresponding to a virtual memory address
that is fixed for the operating system. After system
reset, this virtual memory address, which can be "known" by
the processor immediately after the system reset or
"discovered" by the processor during recovery of the
fundamental operating system data, as explained in more
detail below, is used to access the list of tagged virtual
memory addresses. The tagged virtual memory addresses are
mapped to physical memory addresses and the physical
memory addresses are marked to indicate that data cannot
be stored at those locations.

Figure 1 is a block diagram illustrating a computer
system 100 according to the invention. Microprocessor 101
interfaces with a random access memory 102, e.g., a
dynamic random access memory, a read only memory
(ROM) 103, and other computer circuitry 104.
In Figure 1, only the components of computer
system 100 required to understand the recovery boot system
and method according to this invention are illustrated.
Those skilled in the art will appreciate that computer
system 100 also includes structure for accepting user
input to computer system 100, such as a keyboard or a pen
stylus, an output display device such as a back-lighted
liquid crystal display, and structure for housing and/or
supporting each of the components of computer system 100.
Additionally, the components of computer
system 100 are interconnected using structure known to
those skilled in the art. A computer system 100 suitable
for inclusion of the recovery boot system according to the
invention is sold by EO Inc. of Mountain View, California
as Model No. 440 or Model No. 880.

ROM 103 has a data structure discussed more
completely below, and stores all of the operating system
data, i.e., basic instructions for operating
microprocessor 101, for computer system 100, such as
kernel instructions, instructions for various libraries
and services, and instructions for graphics libraries, as
well as instructions 112 for the novel recovery boot
system according to the invention. Any operating system
compatible with microprocessor 101 can be used. In one
embodiment, where microprocessor 101 is a Hobbit processor
available from American Telephone and Telegraph (AT&T),
the operating system is the PenPoint operating system
available from Go Corp. ROM 103 also stores applications
programs such as word processing, data communications and
graphics programs.

RAM 102 is used during operation of computer
system 100 to store data that it is desirable to make
readily accessible to microprocessor 101, e.g., data that
is frequently used, or read/write data such as user data.
Some of the user data stored on RAM 102 is persistent
data 112, as defined above.
During operation, computer system 100 may "crash" for

* error, i.e., corruption of some of the 

data stored on RAM 102. Often, the operating system is
able to recover from the crash on its own and does not

which the operating system cannot recover may be
indicated, for instance, by detection and reporting of an
10 toT ° r 7 ° f "0 to respond 

on its own, computer system 100 must be reset and RAM 102

state that allows user operation of computer system 100 

15 to T~ COntaihS hardWare the user 

15 to ..manually" reset computer system loo after a crash TrZ 

wh,ch the operating system" cannot automatically reaver 
ways hf^" SyStem bS a,anUaIli ' reset - *«° * 

-vs. hardware reset and software rese t (recovery boot) 
A hardware reset causes computer circuitry io<, ZZZ 

ZZTIT* hardWare ' ^ Sh ° Wn <~ *H» 

re r^f, ^ ""initialized. In particular. »AM 102 is 

: r"tt T hout regara to the «* ™ lor 

prior to the hardware reset. Hence, all data stored in

» ^ a "V r L° r io t0 t the r ^ et ' *™*«^ 

' . iS 'r?' A S ° ftWarfe re86t is 1— drastic. 

102 iS ""i^tialized, as described below, so as to 
prevent certain important data i « • 
from being lost. ' " persistent 

3 0 re. /" nerally# 3 S ° ftware rese * *• Preferred. A hardware 
3 0 reset is necessitated if th» ~ ars 

a lt software reset does not 
return computer system 1O0 to a user operate stated A 

« *° a U " r state, if, after the 

35 software reset, the persistent data 

, * . i,u aa " zi2 is corrupted to 

the poant that the persistent aJta i u is net usab" 
In one embodiment of the invention, a hardware reset
is initiated by depressing a reset button so that, while
power remains turned on to computer system 100, computer
circuitry 104 and RAM 102 are fully re-initialized.

In one embodiment of the invention, a software reset
is initiated by depressing the power button for an
extended period of time, then releasing the power button.
Any desired length of time can be used and the passage of
sufficient time can be indicated by, for instance, an
audio signal such as a succession of beeps. In a further
embodiment, the tone of a succession of beeps changes when
the power button has been depressed for a sufficient time
to initiate a software reset. Depression and release of
the power button as described above each generate an
interrupt so that a software reset is initiated.

Figure 2A is a block diagram of recovery boot
process 200 according to an embodiment of this invention.
Recovery boot process 200 begins with system reset
step 205. System reset step 205 includes a user-initiated
software reset, as described above. Immediately after
initiation of the software reset, certain hardware, such
as a power controller, a communications port, and a
display screen, are initialized. One embodiment of a
power controller suitable for use with this invention is
described in copending, commonly owned, U.S. Patent
Application Serial No. ??/???/??? entitled "A Power Supply
Circuit for Powering a Portable Computer and an External
Device from a Single Battery Power Source," by David
Anthony Chavez, Ron A. Balczewski, and Bernard Jean
Lacroute, filed on the same date as the present
application, the pertinent disclosure of which is herein
incorporated by reference.

RAM 102 is initially unavailable for use by
microprocessor 101 during system reset step 205 so that
there is no danger of destruction of persistent data 112
stored in RAM 102. As explained in more detail below, as
' "T.^— Presses thrcah the

hi aVaUaMe ,or U5 = *y Bicroprocessor !Ol. 
Low. « plained 

step ° Pera " n9 d " a i»"^"- t ion 

h ^"' : artal " °P*««»9«yste» d ata, reWea 

known ROM data 1 " S that ' along with the 

««u« and p»»l~r " ! t0aI " e "° rl ' 

«ep 205 Th.„ - ! ex,3tOT t before syste» reset 
-J to re-LtLu^r a " d ' PhySl0a » —V addresses are 
correspond!™ > ^ Se9 ™ en * "* W ' e table 

=yste* data is stored at ST. J""*—"*" Ratine, 
locations as were used bef * ySiCal '" e,, ' e,r> ' 

thereby ensurlno th V "<»very boot process 2 oo, 

operatLT t recovery of the fundarcenta! 

» ZZ AT. y n dato does not flast ^ 
According to the invention, recovery boot process 200
persistent data 112 is not destroyed by the re- 

5 Persa^ent^T °* ^ ^ ^ data, 
befor! V ^ 38 P- Sis ^t at see time 

tnitiaJL T " PCrsist * nt first 

initialization of the operating system of computer 

10 r ^ ™~ ~ aoo is first turned 

c^p^Tsv reSet/ " r dUriftg —1 operation of 

c ™P»ter system aoo. x„ one embodiment of i he invention 
data representing the file svs*™ ^ ^vencion, 

is marked « • system of computer system 100 

marked as persistent data 112 th- «i. 
initiaiiv ^ ^ ^ 71,6 flle svst era data is 

15 ooer^t ^ ^tialisation of the 

ZZT 9 °* COI0PUter S ^ St - "0 «- ^ated during 

normal operation of computer system 100. * 

initial!^, r° mPleti ° n ° f fUnda » e ^ al oP-ating system data 
^^^T/^ 21 °' PerSlS ^ nt data 112 covered 

opLItlna fi T° ry ° f WhiGh iS P"-defined by the 

HdiS — d " *-ing fundamental 

defining each region table entry 

defining a region of virtual Memory space t^h ^ • 
25 f shi a * A J b P ace * Each area ion 

whether or no^! re91 ° n ^ ^ attrlb ^ ^ indicates 
whether or not the virtual memory addresses within the
region correspond to physical memory locations that
persistent data 112 The ■ / ocatlons that store 

30 reviewed p w \l ! 9 table is jessed and 

that Itoi VirtUal ae,n0ry 3ddress of region 

x^iat stores persistent data 112 +k« 

table and page table J*l- corresponding segment 

corresr.1V I ^ m ****** tb ^cate that 

corresponding physical memory locations are allocated 
After completion of persistant- ■ 

" «. P 220 , . syBZe » free 2 L t is 5 « eat ;rr: rec r iT 

li C 4. i.,.. , . 15 created in systera free 

li-t WaaU^o step Por each regl<m ^ ^ 
region table, the segment and page table entries
corresponding to virtual address in the region are
reviewed. Physical memory addresses of physical memory
locations that are being used are identified and the
system free list is created as a list of the remaining
physical memory addresses.

In contrast, in previous methods for re-initializing
RAM after a software reset, all of the RAM memory
locations were immediately placed on the system free list.
The operating system data was mapped to any available
physical memory locations within the RAM. Thus, the

locations that contain user data prior to the system 
reset, thereby destroying the user data. 
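
The contrast drawn above between the two free-list policies, as an added C example that is not taken from the patent or its microfiche appendix. The 16-frame RAM, the three-entry region table with its field names, and the flat frame_of_vpage array standing in for the segment and page table walk are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAMES     16   /* constructed: 16 physical frames of RAM */
#define FRAME_SIZE 64
#define VPAGES     32
#define UNMAPPED   (-1)

/* Region table entry: a span of virtual pages plus the attribute that
 * marks the span as persistent data. Field names are hypothetical. */
struct region { int first_vpage; int page_count; int persistent; };

static uint8_t ram[FRAMES][FRAME_SIZE];
/* Stand-in for the retained segment/page table entries (assumption). */
static int frame_of_vpage[VPAGES];

/* Constructed pre-reset layout: kernel data in frames 0-1, file system
 * data scattered over frames 3, 4 and 9. */
static const struct region region_table[] = {
    {  0, 2, 0 },  /* fundamental operating system data */
    {  8, 2, 1 },  /* persistent file system data */
    { 20, 1, 1 },  /* persistent file system data */
};
#define REGIONS ((int)(sizeof region_table / sizeof region_table[0]))

void setup_pre_reset_state(void) {
    for (int v = 0; v < VPAGES; v++) frame_of_vpage[v] = UNMAPPED;
    frame_of_vpage[0] = 0;  frame_of_vpage[1] = 1;
    frame_of_vpage[8] = 3;  frame_of_vpage[9] = 4;
    frame_of_vpage[20] = 9;
    memset(ram, 0, sizeof ram);
    memset(ram[3], 0xA5, FRAME_SIZE);  /* user data that must survive */
    memset(ram[4], 0xA5, FRAME_SIZE);
    memset(ram[9], 0xA5, FRAME_SIZE);
}

/* Previous method: every frame goes on the free list at reset. */
int build_free_list_naive(int free_list[FRAMES]) {
    for (int f = 0; f < FRAMES; f++) free_list[f] = f;
    return FRAMES;
}

/* Recovery boot: review the mapping of every region in the region
 * table, mark the frames in use, and list only the remaining frames. */
int build_free_list_recovery(int free_list[FRAMES]) {
    int used[FRAMES] = {0};
    for (int r = 0; r < REGIONS; r++) {
        for (int i = 0; i < region_table[r].page_count; i++) {
            int v = region_table[r].first_vpage + i;
            if (v < 0 || v >= VPAGES) continue;  /* malformed entry */
            int f = frame_of_vpage[v];
            if (f >= 0 && f < FRAMES) used[f] = 1;
        }
    }
    int n = 0;
    for (int f = 0; f < FRAMES; f++)
        if (!used[f]) free_list[n++] = f;
    return n;
}

/* Count persistent frames whose contents were overwritten. */
int count_destroyed_persistent_frames(void) {
    int destroyed = 0;
    for (int r = 0; r < REGIONS; r++) {
        if (!region_table[r].persistent) continue;
        for (int i = 0; i < region_table[r].page_count; i++) {
            int f = frame_of_vpage[region_table[r].first_vpage + i];
            if (f != UNMAPPED && ram[f][0] != 0xA5) destroyed++;
        }
    }
    return destroyed;
}

/* Simulate the rest of the boot: take frames_needed frames from the
 * head of the chosen free list, fill them with new data, and report
 * how many persistent frames were lost. */
int simulate_boot(int use_recovery, int frames_needed) {
    int free_list[FRAMES];
    setup_pre_reset_state();
    int n = use_recovery ? build_free_list_recovery(free_list)
                         : build_free_list_naive(free_list);
    for (int i = 0; i < frames_needed && i < n; i++)
        memset(ram[free_list[i]], 0xEE, FRAME_SIZE);
    return count_destroyed_persistent_frames();
}

int main(void) {
    printf("naive:    %d persistent frames destroyed\n", simulate_boot(0, 6));
    printf("recovery: %d persistent frames destroyed\n", simulate_boot(1, 6));
    return 0;
}
```

With the constructed layout, the naive list hands out frames 3 and 4 to boot-time data, while the recovery list never contains a frame that a region table entry still maps.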
After system free list initialization step 230 is
completed, the next step in recovery boot process 200 is
system start-up step 240. System start-up step 240
includes, among other things, initialization of
input/output devices, further initialization of parts of
the operating system kernel, e.g., memory manager and
memory allocator, and initialization of device drivers.

After system start-up step 240, the next step in
recovery boot process 200 is file system recovery
step 250. In file system recovery step 250, the data
structure, i.e., file system, that stores information
regarding the files stored in RAM 102 and ROM 103 is
recovered. The file system includes information regarding
the name, location, permission and attributes of each
file. The file system also includes information regarding
the presence of other volumes or disks.

Upon completion of file system recovery step 250,
computer system 100 completes recovery boot process 200 by

[T* Z ?A th * reraaini " g ^ ° f the system 
35 part f 1 litau *- applications that are 

part of the operating system. 
Figure 2B is a block diagram of recovery boot
process 260 according to another embodiment of the
invention. Recovery boot process 260 is similar to recovery
boot process 200 and like steps are indicated by the same
numerals used in Figure 2A. The above description of
steps in process 200 with the same reference numeral as
the steps in process 260 is incorporated herein by
reference.

In recovery boot process 260, fundamental operating
system data initialization step 211 and system free list
initialization step 231 are slightly different than
fundamental operating system data initialization step 210
and system free list initialization step 230,
respectively, and persistent data recovery 220 is
eliminated. Recovery boot process 260 differs from

PrOCe6S ^ ^ operating 
ZI TJ T ^""^ data , 112 «»* are recovered are 

not marked as used during recovery boot process 260, i.e.,
the segment and page table entries corresponding to 

are not marked when recovered. Rather, recovery boot 
process 260 takes advantage of the fact that during 

25 p!r!istL *f? fUndaroental -gating system data and 
persistent data 112 are marked in the region table as 

Curir ^ a Pe " is ^ ^tribute is turned on." 

table i liSt lnl 4 aliz ^- "1, the region 

nor- , r^" 611 ph * sical ™°*Y addresses of all 

from IL ^ °* PCrSiStent -e-also removed 

from the i ist of available virtu ^ roeinory 

systerrlset'T^ b ° 0t Pr ° CeSSeS 2 °° a " d 260 - 

rest IT that ' ^ tUrn ' inCluded * so «— 

35 prowls P " SyStem 100 ° an r — *«» a 

processor reset in a manner similar to recovery boot
process 200 or 260. A processor reset is a
non-user-initiated reset, i.e., an automatic reset, that occurs
when microprocessor 101 attempts to take an exception, and

that p ::r: s of taklng " Gxception tak - « ™ i0 n. l 

At that point, the only thing microprocessor 101 can do is
reset. In a method according to the invention for
recovering after a processor reset, microprocessor 101
goes through a processor reset state in which
microprocessor 101 determines whether a hardware or

required, begins one of recovery boot process 200 or 260.
In computer system 100, the segment table and,

shor^Ir e ;. Pa9e table * a " aVailabl * ^ microprocessor loi 
shortly after system reset step 205 because the physical 

lllTs lTT T ™ or * detail below - durin * the 

fundamental operating system data initialization
step 210. Discovery of this physical memory base address

™ r°r ished either by *l OP L; dd „r 

astern to store the physical' memory, base address of thl 

s^ur: h n ^ b ° 0t ^ StrUCt th * *** data 
1722 t **** " discove ^" an earlier stage of 

fundamental operating system data initialization step 210,
or by structuring the computer system so that the
physical memory base address of the segment table is
always known, e.g., by having one of the registers of
microprocessor 101 store the physical memory base address
of the segment table.

Recovery boot process 200 takes advantage of the
preservation of the physical memory base address of the
segment table to, with other tables, re-initialize
RAM 102, as explained below, without
*~ a, store*. ln ^ ltt2 U^Z^'lTT* 

addresses of persistent data 112 so that the persistent
data 112 is restored to the same physical memory locations
in RAM 102 as used prior to recovery boot
process 200 or 260.

Computer system 100 has a memory structure including
a physical memory address space and a virtual memory
address space. The physical memory address space includes
the entire set of physical memory addresses. The system
controller (not shown) associates portions of the physical
memory address space with particular pieces of hardware,
i.e., one or more particular physical memory locations,
such as ROM 103, RAM 102 or input/output ports (not
shown). However, not all physical memory addresses
necessarily refer to actual physical memory locations, and
more than one physical memory address can refer to the
same physical memory location. The virtual memory address
space includes the entire set of virtual memory addresses.
Portions of the virtual memory address space are
associated with particular pieces of software, either
dynamically or statically.

In one embodiment, the virtual memory address space
and the physical memory address space are the same size.

7il*Z T r t ° f 100 aCCeSSes ^ored 

Sown" v^ T ° f C ° ttPUter SySte * 100 by 

known virtual memory addresses to physical memory
addresses and accessing the data stored at the
corresponding physical memory location.

Figure 3A is a schematic representation of mapping of
virtual memory address 300 to physical memory
location 331-3 in physical memory page 330 using paged
segmentation according to one embodiment of the invention.
Virtual memory address 300 is four bytes (32 bits) long
and includes segment table offset 301, page table
offset 302, and page offset 303. Segment table offset 301
includes 10 bits (bits 22 through 31), page table
offset 302 includes 10 bits (bits 12 through 21), and page
offset 303 includes 12 bits (bits 0 through 11). It is to
be understood that virtual memory address 300 could be
one, two, eight or some other number of bytes long, and
that segment table offset 301, page table offset 302 and
page offset 303 can include any desired number of bits.

Segment table 310, page table 320 and memory page 330
are used by computer system 100 in translation of virtual
memory address 300 to physical memory location 331-3.
Each of segment table 310 and page table 320 is
itself a memory page. Segment table 310, page
table 320 and memory page 330 each include 1000 four byte
words. In segment table 310, each word is one of the
segment table entries 311-1 through 311-N. In page
table 320, each word is one of the page table entries
321-1 through 321-N. In memory page 330, each word is one
of the physical memory locations 331-1 through 331-N.

mformataon used by microprocessor 101. it is to be 

Physiol :i: r ;t 111: 3 j*zs* 3i r 8i - uariy * 

attributes. I-^eCIs* T»e LKr °" 

30 includ«k »._,. . " SS 32J ' ana • region 3Z3 th«t 

th* .tn Pen,1B5;IO,, ««<J/^it. attribute, fo^h of 

the other paae tabic* ^^^.i ^ fiacn °* 

35 whether- and 323 indicate 

«try 321 -,, r.sp.ctivojy, have beeB writte „ ^ or ^ 
from. The permission attributes in regions 313 and 323
indicate whether the segment table entry 311-2 and page
table entry 321-4, respectively, are protected at kernel
level or user level.

Though not shown, there are a plurality of page
tables, e.g., page table 320. The physical memory address
in each segment table entry, e.g., physical memory
address 312 in segment table entry 311-2, is a physical
memory base address of one of the page tables, e.g.,
physical memory base address 324 of page table 320.

Likewise, there are a plurality of memory pages,
e.g., memory page 330. The physical memory address in
each page table entry, e.g., physical memory address 322
in page table entry 321-4, is a physical memory base
address of one of the memory pages, e.g., physical memory
base address 334 of memory page 330.

Translation of virtual memory address 300 to physical
memory location 331-3 occurs as follows. Segment table
offset 301 in virtual memory address 300 is combined with
physical memory base address 314 of segment table 310 to
yield physical memory address 315 of segment table entry
311-2. Physical memory address 312 in segment table entry
311-2 specifies the physical memory base address 324 of
page table 320.

Page table offset 302 in virtual memory address 300
is combined with physical memory base address 324 to yield
physical memory address 325 of page table entry 321-4.
Physical memory address 322 in page table entry 321-4
specifies physical memory base address 334 of memory
page 330. Page offset 303 in virtual memory address 300
is combined with physical memory base address 334 to yield
physical memory address 335 of physical memory
location 331-3.

Figure 3B is a schematic representation of mapping of
virtual memory address 340 to physical memory
location 361-2 using non-paged segmentation according to
another embodiment of the invention. Virtual memory
address 340 is four bytes long and includes segment table
offset 341 and segment offset 342. Segment table
offset 341 includes 10 bits (bits 22 through 31) and
segment offset 342 includes 22 bits (bits 0 through 21).
As above, virtual memory address 340 can be other than
four bytes long, and segment table offset 341 and segment
offset 342 can include any number of bits.

Translation of virtual memory address 340 to physical
memory location 361-2 occurs as follows. Segment table
offset 341 in virtual memory address 340 is combined with
physical memory base address 314 of segment table 310 to
yield physical memory address 355 of segment table entry
311-4. Physical memory address 352 in segment table entry
311-4 specifies physical memory base address 364 of
segment 360. Segment offset 342 in virtual memory
address 340 is combined with physical memory base
address 364 to yield physical memory address 365 of
physical memory location 361-2.

Each of the segment table entries includes a bit which
indicates whether the physical memory address, e.g.,
physical memory address 312, corresponds to a page table
(paged segmentation) or to a segment (non-paged
segmentation). In one embodiment, only paged
segmentation is used by recovery boot process 200 for
translation of virtual memory addresses to physical memory
locations.

As described above, a portion of RAM 102 must be
initialized with fundamental operating system data from
ROM 103 in fundamental operating system data
initialization step 210 before persistent data 112 can be
recovered in persistent region recovery step 220. To
start fundamental operating system data initialization
step 210, microprocessor 101 accesses a predetermined
memory location in ROM 103 which, in turn, enables access
to a memory location or locations in ROM 103 which store
mapping information, i.e., information matching physical
memory addresses in ROM 103 to virtual memory addresses,
for the data stored on ROM 103. This mapping information
is used to re-initialize segment table and page table
entries for fundamental operating system data stored on
ROM 103.

In one embodiment, each re-initialized segment table
and page table entry is marked to indicate that the
particular physical page or pages corresponding to that
entry are no longer available, i.e., future allocations of
data cannot be made to these physical memory locations.
Thus, the mappings of fundamental operating system data
that existed before the system reset are preserved after
the system reset through use of the information in
ROM 103. Consequently, no fundamental operating system
data is mapped to a physical memory location that contains
persistent data 112 so that no persistent data 112 can be
destroyed by the fundamental operating system data
initialization step 210. Persistent data 112 can then be
recovered during persistent data recovery step 220.
Subsequent to persistent data recovery step 220, the
remainder of recovery boot process 200 can proceed without
regard to the particular mappings of data to physical
memory locations.

Figure 4A is a diagram of the data structure of
ROM 410. ROM 410 includes ROM data header 411, map
table 412, and ROM items 413-1 through 413-N. Hereafter,
ROM items 413-1 through 413-N are designated collectively
by the numeral 413; particular ROM items are designated as
one of ROM items 413-1 through 413-N, e.g., ROM item
413-1. ROM data header 411 includes, among other things,
the beginning physical memory address of map table 412 in
ROM 103, the number of entries in map table 412, the
beginning physical memory address of the first ROM
item 413-1 and the number of ROM items 413.

Figure 5A is a block diagram of fundamental operating
system data initialization step 210 according to an embodiment
of the invention. In system reset step 205, a program
counter of microprocessor 101 is set to zero so that

srssrrT 101 * news to access the **• (^r 

the Hobbit microprocessor, the first six bytes) in ROM
data header 411. The physical memory address of ROM data
header 411 is hard-wired in microprocessor 101 so that

™ 8 t^a^ - — - 

^ Microprocessor 101 is 

15 21T "*V">™V of boot code for controlling recovery 
1= boot process Append A ^ , ^ ^ «* 

' Stl ^ " b00t «— *« 1» one' e^odij* « this 

ST H""" — * for a„ AT&T 92000 

" P set. The boot code is executed bv 
coprocessor 101 by directly accessing the physical 

25 of mictT! ° ther " hingS/ ^ b00t C ° de ^ * * 

rtL ? 3 a ^ are ° r S ° ftWare * eset ' A * »°ted above 
reir^T ■ ™ S if a software 

30 Initiatea Z * ^ " * SOf —~~ been 
2tti , ^coprocessor register indicates the 

physical memory base address of the segment table, an
important piece of information that is used later in
recovery boot process 200.

Near the end of execution of the boot code, the boot
code instructs microprocessor 101 to access ROM data
header 411 again. Microprocessor 101 retrieves the
physical memory base address of map table 412 and accesses
map table 412, as shown in step 502. Map table 412
includes a series of map table entries. Each map table
entry includes: (i) information indicating the type of
data, i.e., executable image of code, read-only data or
read/write data, referred to by the map table entry, (ii)
permission bits for the data, e.g., kernel or user access,
(iii) instructions to either copy the data from
ROM 103 to RAM 102 and map the data from RAM 102 to
virtual addresses, or map the data directly from ROM 103
to virtual addresses, (iv) a virtual memory address offset
and a virtual memory address length, and (v) a ROM offset
and a ROM address length.

In step 503, microprocessor 101 accesses the first
map table entry. In step 504, a determination is made as
to whether a ROM mapping or a RAM mapping is to be made 
is to h ° rt ^ emb0dilnent of invention, if a ROM mapping 
«ap tabL^rr 1 " 01 " 0 " 550 " 101 USeS each of « more 
20 to a corresponding set of virtual addresses, m another 
embodiment of the invention, microprocessor 101 uses each 
ll,T e Z< n ° r& MP table Cntri6S t0 ma *> data f ™» °»* or 

25 T«l T ^ " Sed t0 *** f ^*»*»tal operating 

25, system data from ROM 103. 

In step 507, the virtual memory address offset and
virtual memory address length in the map table entry are
used to determine a range of virtual memory addresses for
the data described by the map table entry. The ROM offset
and ROM address length in the map table entry are used to
determine a range of physical memory addresses in ROM 103.
Using the determined virtual memory address range and
physical memory address range, the segment table and page
table entries corresponding to these ranges are
initialized. This is done even though, typically, each of
the segment table and page table entries that map ROM data
from the virtual memory address space to the physical
memory address space already exist. Re-initialization
ensures that any corrupted entries in the segment table
and/or page tables are corrected, and allows the
opportunity to reset permission bits, e.g., data protected
at kernel or user level, in the segment table and/or page
table entries.

If, in step 504, it is determined that a RAM mapping
is to be made, i.e., sections of data stored in ROM 103
are to be copied to RAM 102, in step 505, microprocessor
101 accesses the physical memory location in ROM 103
corresponding to the beginning physical memory address
given by the ROM offset. The ROM address length indicates
the number of physical memory addresses, i.e., amount of
data, from which data are to be copied to RAM 102. The
virtual memory address offset and virtual memory address
length in the map table entry are used to determine a
range of virtual memory addresses corresponding to the
data to be copied from ROM 103. The amount of data copied
from ROM 103 is equal to or less than the magnitude of
the virtual memory address range. The data to be copied
can be executable image of code, read-only data
or read/write data.

In step 506, the data is copied from ROM 103 to
RAM 102 and mapped from RAM 102 to virtual addresses. The
segment table and page tables in RAM 102 are used to
determine corresponding physical memory addresses, i.e.,
physical memory locations in RAM 102, for each of the
virtual memory addresses. At this point, the mapping and
copying can be done in any order. Moving sequentially
through the data in ROM 103, microprocessor 101 copies
each piece of data to a physical memory location
corresponding to the physical memory address translated
from the virtual memory address that corresponds to the
piece of data being copied.

The data in RAM 102 are also mapped to virtual
addresses, i.e., the corresponding segment and page table
entries are initialized. The physical addresses in
RAM 102 are used, along with the corresponding virtual
addresses, to initialize the segment table and page
tables. This is done, even though each of the segment
table and page table entries must already exist, so that
permission bits can be reset for each of the segment table
and page table entries.

Since the segment table and page table entries used
to determine the physical memory addresses in RAM 102 at
which to copy data from ROM 103 are the same as the
entries existing prior to system reset step 205, the data
from ROM 103 is stored in the same physical memory locations
in RAM 102 as before the system reset, so that no
persistent data 112 are inadvertently destroyed. Unlike
the direct mapping of data from ROM 103 (step 507),
copying of data from ROM 103 to RAM 102 necessitates that
segment table and page table entries for the data be
uncorrupted.

The physical memory pages of RAM 102 to which
fundamental operating system data has been copied are
removed from the system free list during system free list
initialization step 230 by checking a region table,
described in more detail below, and removing the pages
after determining that the pages are marked as persistent
in the region table, as also described in more detail
below.

According to one embodiment of the invention, in
step 510, during mapping of data from RAM 102 to virtual
addresses, a bit in each of the segment table and page
table entries is marked to indicate that the corresponding
physical memory location has been used. The marked
entries are then eliminated from the system free list
during system free list initialization step 230, discussed
in detail below. This embodiment of fundamental operating
system data initialization step 210 is used in recovery
boot process 200 illustrated in Figure 2A.

According to another embodiment of the invention, the
segment table and page table entries are not marked, i.e.,
step 510 is eliminated from the method. The physical
memory pages of RAM 102 to which fundamental operating
system data has been copied are removed from the system
free list during system free list initialization step 231
by checking a region table, described in more
detail below, and removing the pages after determining
that the pages are marked as persistent in the region
table, as also described in more detail below. This
embodiment is designated as fundamental operating system
data initialization step 211 in recovery boot process 260
illustrated in Figure 2B.

As shown in step 508, a determination is made as to
whether the last map table entry has been processed.

either t *T ^ ^ ^ U a0 ~" * < 5 ^ 503 > — 

21 tabl T ° CeSSOr 33 desc ^ above. If the last 

map table entry has been accessed, then the recovery boot
process continues, as shown in step 508.

operating ^ ^ " ^ the fundaroental 

operating system data initialization step aio accordina 

fundamental operating system data initialization step 210 
shown in Figures 5A and 5B, respectively. ' ■' " 
In the embodiment of step 210 illustrated in
Figure 5B, in step 501, ROM data header 411 in ROM 103 is
located and accessed. Boot code execution is initiated
and during execution of the boot code, ROM data

ITt^".^ 55 " again to det — «- — - 

^ Ma. , J l^ P ' ^ table 512 iS l0Cated «* accessed. 
Map table 412 includes map table entries, each map table
entry including information as discussed above with
respect to Figure 5A.

WO 95/12848 PCT/US94/12567

In step 511, the map table entries are used to map
data as described above with respect to steps 505, 506 and
507 of Figure 5A. After all of the map table entries have
been used to map data, the boot code instructs
microprocessor 101 to access ROM data header 411.
Microprocessor 101 accesses ROM data header 411 to
determine the beginning physical memory address of the
first ROM item 413-1.

In step 512, microprocessor 101 accesses the
beginning physical memory location of ROM item 413-1. If
data from ROM item 413-1 is to be initialized, based upon
a determination described in more detail below and shown
in step 513, microprocessor 101 initializes all data from
first ROM item 413-1, as also described in more detail
below and shown in steps 514 and 515. Whether or not the
data from first ROM item 413-1 was initialized,
microprocessor 101 then moves to the physical location in
ROM 103 at which the second ROM item 413-2 begins. The
location of the start of the second ROM item 413-2 is
known because second ROM item 413-2 begins at the physical
memory address in ROM 103 immediately after the last
physical memory address of ROM item 413-1. If indicated,
microprocessor 101 initializes all data from second ROM
item 413-2. Microprocessor 101 then continues to
successively initialize data from ROM items 413, as
appropriate, as described above, until the last ROM
item 413-N is checked, as shown in step 517. When the
last ROM item 413-N has been checked, the recovery boot
process continues, as shown in step 518.

To assist in understanding steps 514 and 515 of this
embodiment of fundamental operating system initialization
step 210, the structure of ROM items 413 is first
explained. Figure 4B is a diagram of a ROM item 413-1.
Each of ROM items 413 has the same structure as described
below for ROM item 413-1. In one embodiment of the
invention, ROM item 413-1 includes ROM item header 414,
ROM item namespace 415, ROM item attributes 416 and ROM
item data 417. ROM item header 414 includes a ROM item
namespace offset, a ROM item namespace size, a ROM item
attributes offset, a ROM item attributes size, a ROM item
data offset, a ROM item data size, and several flags.
Each of the offsets specify a beginning physical memory
address in ROM 103 of the corresponding part of ROM
item 413-1. Each of the sizes define the ending physical
memory address in ROM 103 of the corresponding part of ROM
item 413-1.

In another embodiment of the invention, the ROM item
header 414 of ROM item 413 includes the size of
ROM item 413. However, this information is not necessary
to implement the invention.

The flags in ROM item header 414 indicate permission
attributes of ROM item 413-1, e.g., whether the ROM item is
part of the operating system kernel or a user item, and
whether the ROM item requires initialization at boot time.
This latter attribute is the most important for purposes
of recovery boot process 200 because it indicates
whether the ROM item is to be initialized during fundamental
operating system data initialization step 210.

ROM item namespace 415 stores the name of ROM
item 413-1. The name of the ROM item is the path name
that gives the location of the
program, i.e., ROM item data 417, that is stored in ROM
item 413-1. The name allows
ROM item 413-1 to be properly located within the file
system of computer system 100 during file system recovery
step 250, discussed in more detail below.

ROM item attributes 416 include information about
characteristics of ROM item 413 such as whether or not
ROM item 413 is initialized, whether ROM item 413
is a kernel or user item, whether ROM item 413 is a
machine specific item, and whether ROM item 413 is a file
or not.

ROM item data 417 includes, among other things
described in more detail below, the data constituting the
program stored in ROM item 413. ROM item data 417 is also
known as an Elf file. The structure of Elf file 417 is
defined in Unix™ System V, Release 4 Programmer's Guide:
ANSI C and Programming Support Tools, chapter 13.

During fundamental operating system data
initialization step 210, for each ROM item 413, the
appropriate flag in ROM item header 414 is checked in
step 513 (Figure 5B) to see if ROM item 413 requires
initialization. If ROM item 413 does not require
initialization, the ROM item data offset and ROM item data
size are used to determine the ending location of ROM
item 413 in ROM 103 and, therefore, the beginning location
of the next ROM item 413 in ROM 103, so that the next ROM
item 413 can be checked to determine whether that ROM
item 413 is to be initialized. If ROM item 413 requires
initialization, Elf file 417, i.e., ROM item data, is
examined to proceed with fundamental operating system data
initialization step 210.

Figure 4C is a diagram of Elf file 417. Elf file 417
includes Elf file header 418, program header table 419,
executable image of code 420, read-only data 421 and
read/write data 422. Elf file header 418 includes, among
other things, a program header table offset, which
indicates the beginning physical memory address in ROM 103
of program header table 419, and the number of program
headers in program header table 419. Program header
table 419 includes a program header for each section of
data ("program") in Elf file 417, i.e., executable image
of code 420, read-only data 421 and read/write data 422.
Read/write data 422 must be copied to RAM 102. Executable
image of code 420 and read-only data 421 may be copied to
RAM 102. Though, in Figure 4C, only one section of
executable image of code 420, read-only data 421 and
read/write data 422 are shown in Elf file 417, it is to be
understood that an Elf file 417 can include more than one
section of executable image of code 420, read-only
data 421 and/or read/write data 422.

Each program header includes, among other things, a
flag that indicates whether the program is executable
image of code 420, read-only data 421 or read/write
data 422. Each program header also includes: (i) a
program offset that indicates the beginning physical
memory address in ROM 103 of the program, and (ii) a
program size that, together with the program offset,
defines the ending physical memory address in ROM 103 of
the program. The program offset and size define the
physical memory location of the program in ROM 103. Each
program header further includes a beginning virtual memory
address and a virtual program size that defines an ending
virtual memory address for the program. The beginning
virtual memory address and virtual program size define the
range of virtual memory addresses at which the program is
located.

As shown in step 514, for each Elf file 417 that
requires initialization during fundamental
operating system data initialization step 210,
microprocessor 101 uses the physical memory address range
and the virtual memory address range specified in the
program header for each program to initialize the segment
table and page table entries corresponding to data to be
mapped directly to virtual addresses, e.g., read-only
data 421, as explained above with respect to step 503 of
Figure 5A and incorporated herein by reference. Likewise,
in step 515, data to be copied to RAM 102 is copied into
RAM 102 and the data mapped from RAM 102 to virtual
addresses, as described above with respect to step 506 of
Figure 5A and incorporated herein by reference.

As in the embodiment of fundamental operating system
data initialization step 210 illustrated in Figure 5A, in
a further embodiment of the embodiment of fundamental
operating system data initialization step 210 illustrated
in Figure 5B, in step 516, for each piece of data copied
to RAM 102, the segment table and page table entries are
marked to indicate that the corresponding physical memory
location has been used. This embodiment is used in
recovery boot process 200 illustrated in Figure 2A. In a
further embodiment, the segment table and page table
entries are not marked, i.e., step 516 is eliminated from
the embodiment of fundamental operating system data
initialization step 210 illustrated in Figure 5B. This
further embodiment is used in recovery boot process 260
(Figure 2B).

After fundamental operating system data
initialization step 210, the operating system kernel of
computer system 100 can run. Once the operating system
kernel is running, the virtual memory location of the region
table is accessible. The virtual memory location of the
region table is translated, using the segment table and
page tables, into a physical memory address so that
microprocessor 101 can access the contents of the region
table. The region table indicates, among other things,
whether a particular virtual memory address or range of
virtual memory addresses store persistent data 112. Using
these virtual memory addresses, the segment table or page
table entries, as appropriate, corresponding to virtual
memory addresses of persistent data 112 are, in one
embodiment, marked as used, like the fundamental operating
system data above, so that the physical memory addresses
corresponding to the persistent data 112 can be removed
from the system free list during the system free list
initialization step 230.
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step "Hcccr^ina to^" "* *° r * 1 **™ ™^o'„ recovery 

persistent data 112 attribute for each virtual 
5 location is located t„I virtual memory 

« ^verain, fe sea™* t. M e anVpaU" ole"* J 0 """ * 
norther cbotoent, i„ ^ the ^ 8 ^*L * 
euppUeo. by co corp. operates on an ll TZTu ' ^ 

20 code. ^ 96 ° f exec «tion of the boot 

25 " ^ brasses aefi„l„ g region 

corresponding to the reaion t*^ ****** the re * lon 
Persistent, irking oT^ZVs^ / *' 
30 e^ained above, during ^ £ t LftT^f T ° CCUre ' " 
operating systero of station of the 

operation of computer systel 10 0 ^ * ^ ™ 

If the region is not marked as persistent, processing
transfers from step 603 to step 602, where the next region
table entry is retrieved. Conversely, if the region is
marked as persistent, processing transfers from step 603
to step 604. In step 604, the virtual memory address
range of the region is ascertained from the region table
entry.

After step 604, in step 605, the virtual memory base
address of the first virtual page in the virtual memory
address range is ascertained. In step 606, the virtual
memory base address of the virtual page is translated to a
physical memory address using the segment table and page
tables.

After translation of the virtual memory address to
the physical memory address, in step 607, the
corresponding segment table entry is checked to see if the
segment table entry is marked. If the segment table entry
is not marked, then, in step 608, the segment table entry
is marked. Referring to Figure 3A, the segment table
entry, e.g., segment table entry 311-2, is marked by
appropriately setting one of the bits of region 313.

Once the segment table entry is either marked
(steps 607 and 608) or determined to have been previously
marked (step 607), in step 609, the page table entry in
the appropriate page table is marked. Referring to
Figure 3A, the page table entry, e.g., page table
entry 321-4, is marked by appropriately setting one of the
bits of region 323. By marking the segment table and page
table entries of each virtual page within a region that
stores persistent data, the physical memory base address
of each physical page storing persistent data 112 is
marked so that the physical memory base address can later
be removed from the system free list during system free
list initialization step 230.

After each page is marked in the page table
(step 609), in step 610, a determination is made as to
whether the end of the virtual memory address range for
the region being processed has been reached. If the end
of the range has not been reached, then the virtual memory
base address of the next virtual page is determined
(step 605), the virtual memory base address is translated
to a physical memory base address (step 606), and the
associated segment and page table entries are marked
(steps 607, 608 and 609), as described above. If the end
of the range has been reached, then the next region table
entry is retrieved (step 602) and examined to determine
whether the region includes persistent data (step 603).
After all region table entries are checked in the manner
described, all persistent data 112 is identified and the
segment table and page table entries (i.e., physical
memory addresses) corresponding to persistent data are
marked. When persistent region recovery step 220 is
complete, the system free list can be initialized.

Figure 7A is a block diagram of system free list
initialization step 230 of Figure 2A according to an
embodiment of the invention. At any given time during
operation of computer system 100, the system free list
includes all physical pages of memory that have not yet
been allocated, i.e., physical memory locations at which
data has not been stored.

systJrL 1 " 9 ^ i" 1 " 211 -"- - the operating 

system of computer sysfem l0 o, a physios aemory page is 

ZZ at wMchT^ ^ Pr ° 0eSS J0 °' th ° Physi - 1 — -X 
page at which the syste* free list is stored is recovered 

P * ge " used *° the »ew system free list 

generates during recovery boot process 200 by the svste. 

30 all" \ " lnltla "-«°'- W It is necessary to " 

to el PhySlCT1 ■»"»• ,OT ^ «~ Us* 

atlc^r f PerSistent »* 1- not overwritten by 

allocation of a physical page for the syste- free list. 

In system free list initialization step 230, in
step 701, all physical pages, including those
previously allocated during recovery boot process 200,
i.e., pages allocated during fundamental operating system
data initialization step 210 and persistent data recovery
step 220, are added to the system free list.

In step 702, the region table is located and
accessed. In step 703, the first region table entry is
accessed.

As discussed above with respect to Figure 6, each
region table entry identifies a range of virtual memory
addresses. In step 704, the beginning virtual memory
address of each virtual memory page is accessed. In
step 705, the segment table and page table entries
corresponding to the beginning virtual memory address are
checked to see if the entries are marked to indicate that
the corresponding physical memory page has been allocated.
If the physical page has been allocated, in step 706
the physical page is removed from the system free list.
In step 707, a determination is made as to whether the
last virtual page in the region has been checked. If the
last virtual page has not been checked, then the next
virtual page in the region is accessed (step 704) and
checked to see if the corresponding physical page has been
allocated. If the last virtual page in the region has
been checked, then, in step 708, a determination is made
as to whether the region table entry being processed is
the last region table entry. If the region table entry is
the last region table entry, then the recovery boot
process continues. If the region table entry is not the
last region table entry, then the next region table entry
is accessed (step 703) as described above.

If, at step 705, it is determined that the physical
page has not been allocated, then the physical page is not
removed from the system free list, a determination is
made as to whether the last page in the region has been
reached (step 707) and, if appropriate, whether the region
table entry being processed is the last region table entry
(step 708), and processing of region table entries and
virtual pages continues as described above. Each region
is checked for allocated pages, and all allocated pages
are removed from the system free list.

initi^T' 0 " " ala!,ri "■ ° f *«• "« 

5 embodiment of the invention, m steps 701 , 702 and 703 

10 chec^l^! 711 '. a ! Ch " 9l ° n tibl8 - checked, by 

en^ ? T PerS1Stent "tribute of the region table 

^Hhvsi T ' ** *** »«—t4-t.*t. is stored at 
the physical memory loc* ions corresponding to the region 

15 \TT 703> - 11 »—*•*«* data is 

or each v ' ^ be9i ' mln9 VirtUal — —«« 

«e ""^ ^ ' e9i0n 15 translated to 

Phvs^ ^ " y 31 " ,e "° ry aadreSS « corresponding 
physical memory page, and the physical memory page is
removed from the system free list.

20 th. In , SteP 7 °°' " drter »i"«tion is made as to „hether 
n« J : aWe ^ 1S "3ion table e^ « 

n«. then the next region table entry is accessed 

S Z\ *VT? f ° r / ha « aata 

» process continues ' ^ 7 ° 9 ' the ™* 

ad*,- Si "° e ^ re9i0 " taWe i-^^es only virtual 

tatir ? C °" PU " ""P" 100 ' =«™in9 the region 
table eliminates checking of virtual . e l * 310n 

»0 nc data is associated: Bowevlr in an5t " ""^ 
the invent*™, "owever, in another embodiment of 

*JZTzi™ n :z™ B ™ pa9e tabi * «• 

has been allocated? a^d Tl UTT",^ P " iSi ° al «»~ 
rrom the system free itst *— ™ 

step 230 is complete. The remaining
physical memory pages in the free list - those that have
not been removed during system free list initialization
step 230 - have not been allocated and are free to be used
to store any data without possibility of destroying
persistent data 112. This is because, up to the point of
system free list initialization step 230, no physical
memory pages were allocated without making the allocation
based upon the virtual memory map, i.e., the segment table
and page table entries, existing prior to the system reset
step 205. In other words, fundamental operating system
data initialization step 210 and persistent region
recovery step 220 lock out physical memory locations from
the system free list so that these locations cannot later
be used to store other data that would destroy the
fundamental operating system data or, in particular, the
persistent data 112. Once system free list initialization
step 230 is complete, the remainder of recovery boot
process 200 can proceed without fear of destroying
persistent data 112.
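
The region-table walk of system free list initialization step 230, sketched in C as an added example (it is not the boot code of microfiche Appendix A). The struct layout, the UNMAPPED marker, the 16-page RAM and the sample tables are assumptions made for illustration; the sketch also rejects surviving translation data that points outside RAM, a check the text does not describe.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NUM_PHYS_PAGES 16u         /* constructed: tiny RAM for illustration */
#define UNMAPPED       UINT32_MAX  /* hypothetical "no physical page" marker */

struct region {                    /* hypothetical region table entry */
    uint32_t first_vpage, num_vpages;
    bool     persistent;           /* tag set before the reset */
};

/* Walk every region, translate each virtual page through the page table that
 * survived the reset, and take allocated physical pages off the free list.
 * Returns the pages left free, or -1 if surviving data points outside RAM. */
int rebuild_free_list(const struct region *rg, size_t nregions,
                      const uint32_t *page_table, size_t nvpages,
                      bool free_map[NUM_PHYS_PAGES], int *persistent_pages)
{
    int free_count = (int)NUM_PHYS_PAGES;
    *persistent_pages = 0;
    for (size_t p = 0; p < NUM_PHYS_PAGES; p++)
        free_map[p] = true;                    /* start with every page free */
    for (size_t r = 0; r < nregions; r++) {
        if (rg[r].first_vpage > nvpages ||
            rg[r].num_vpages > nvpages - rg[r].first_vpage)
            return -1;                         /* region runs past page table */
        for (uint32_t i = 0; i < rg[r].num_vpages; i++) {
            uint32_t phys = page_table[rg[r].first_vpage + i];
            if (phys == UNMAPPED) continue;    /* never allocated: stays free */
            if (phys >= NUM_PHYS_PAGES) return -1;   /* corrupt translation */
            if (!free_map[phys]) continue;     /* already locked out */
            free_map[phys] = false;            /* remove from the free list */
            free_count--;
            if (rg[r].persistent) (*persistent_pages)++;
        }
    }
    return free_count;
}

/* Constructed sample: 8 virtual pages; entry 7 is deliberately bogus. */
static const uint32_t sample_pt[8] = {3, 4, UNMAPPED, 9, 10, 11, UNMAPPED, 99};
static const struct region sample_rg[2] = {{0, 3, false}, {3, 3, true}};
static const struct region bad_rg = {6, 2, true};   /* reaches entry 7 */
static bool demo_map[NUM_PHYS_PAGES];
static int  demo_persistent;
int demo_free_pages(void)
{ return rebuild_free_list(sample_rg, 2, sample_pt, 8, demo_map, &demo_persistent); }
int demo_corrupt(void)
{ return rebuild_free_list(&bad_rg, 1, sample_pt, 8, demo_map, &demo_persistent); }
```

Pages still marked true in free_map after the walk are the only ones a later allocation may take, which is what keeps the persistent pages intact for the rest of the boot.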

After system free list initialization step 230,
system start-up step 240 is performed, as discussed in
more detail above with respect to Figure 2. Once system
start-up 240 is complete, file system recovery step 250
takes place.

The file system is a set of data structures that
describe a name-space and data that's contained within
that name-space. The file system includes information for
each of the files, such as the state of the file, whether
the file is opened or closed, whether the file has been
written to, permission attributes, and whether the file is
write-protected or not.

The first time that the file system is initialized, a
heap is created. A heap pointer is stored in the boot
data structure. The file system is initialized from
ROM 103 by scanning all ROM items 413 in ROM 103 and
marking all items that have a file name. Elements in the
heap are used to record file-system structures for
potentially allocating new heap entities and for pointing
back into the ROM so that it looks like the file system is
composed only of a set of ROM files.

Over time, new files are allocated or deleted. New
files are allocated either from the heap, or directly from
a memory allocator that is part of computer system 100 and
the files referenced within the heap. RAM files are
marked persistent when they are allocated. Files which
were initialized from ROM 103 can be deleted or modified
[...] into RAM 102 and then [...] mechanism
as creating a file originally in RAM. Consequently, the
physical memory locations allocated for these "new" files
are also marked as persistent data 112.

In file system recovery step 250, the file system is
recovered by retrieving the heap pointer from the [...]
microprocessor [...] locate files in the
file system once again. After file system recovery [...]
recovery boot process continues by initializing
any remaining operating system data (not shown).

Various embodiments of the invention have been
described. The descriptions are intended to be
illustrative, not limitative. Thus, it will be apparent
[...] the invention as described without departing
from the scope of the claims set out below.

We claim:

1. In a computer system including a microprocessor
and a memory storing persistent data, a method for
recovery contents of the memory, after a system reset, to
a state that allows user control of the operation of the
microprocessor, the method comprising the steps of:

recovering a portion of fundamental operating
system data such that said portion of fundamental
operating system data is stored within the memory in
locations different from locations that stored
persistent data prior to the recovery; and

recovering the persistent data.

2. A method as in Claim 1, wherein:

each location in the memory at which data is
stored is identified by a virtual memory address; and

the step of recovering fundamental operating
system data further comprises:

retaining, after the system reset, the
virtual memory address, existent before the
system reset, of each of the first set of
fundamental operating system data;

translating the virtual memory address of
each of the first set of fundamental operating
system data to a physical memory address using
translation data; and

storing each of the fundamental operating
system data at a location in the memory
corresponding to the physical memory address
determined during the step of translating.

3. A method as in Claim 2, wherein the step of
recovering the fundamental operating system data further
comprises marking each of the translation data to indicate
that locations in the memory that store the first set of
fundamental operating system data cannot be used to store
other data.

4. A method as in Claim 2, wherein:

persistent data is identified, prior to the
system reset, by a tag associated with the virtual
address of each of the persistent data; and

the step of recovering persistent data
comprises:

identifying virtual memory addresses that
have been tagged;

translating each of the tagged virtual
memory addresses to a physical memory address
using translation data; and

recovering data stored at the locations in
the memory corresponding to the physical memory
addresses such that other data cannot be stored,
subsequent to the step of recovering persistent
data, in the locations in the memory at which
persistent data are stored.



5. A method as in Claim 4, wherein:

the step of recovering the fundamental operating
system data further comprises marking the translation
data to indicate that locations in the memory that
store the first set of fundamental operating system
data cannot be used to store other data; and

the step of recovering persistent data further
comprises marking the translation data to indicate
that locations in the memory that store persistent
data cannot be used to store other data.

6. A method as in Claim 5, further comprising the
step of constructing a list of physical memory addresses
corresponding to locations in the memory which can be used
to store data during the recovery subsequent to the step
of constructing, the list including all physical memory
addresses corresponding to locations in the memory except
physical memory addresses corresponding to the marked
translation data.

7. A method as in Claim 1, wherein:

each location in the memory at which data is
stored is identified by a virtual memory address;

persistent data is identified, prior to the
system reset, by a tag associated with the virtual
address of each of the persistent data; and

the step of recovering persistent data
comprises:

identifying virtual memory addresses that
have been tagged;

translating each of the tagged virtual
memory addresses to a physical memory address
using translation data; and

recovering data stored at the locations in
the memory corresponding to the physical memory
addresses such that other data cannot be stored,
subsequent to the step of recovering persistent
data, in the locations in the memory at which
persistent data are stored.



8. A method as in Claim 7, wherein the step of
recovering persistent data further comprises marking the
translation data to indicate that locations in the memory
that store persistent data cannot be used to store other
data.

9. A method as in Claim 1, further comprising the
step of constructing a list of physical memory addresses
corresponding to locations in the memory which can be used
to store data during the recovery subsequent to the step
of constructing, wherein:

physical memory addresses corresponding to
locations in the memory at which the first set of
fundamental operating system data are stored are
excluded from the list; and

physical memory addresses corresponding to
locations in the memory at which the persistent data
are stored are excluded from the list.

10. In a computer system including a microprocessor
and a memory storing persistent data, a method for
recovery contents of the memory, after a system reset, to
a state that allows user control of the operation of the
microprocessor, the method comprising the steps of:

recovering fundamental operating system data
[...] of fundamental operating system
[...] stored within the memory and such that none
[...] fundamental operating system data
is stored in locations in the memory that stored
persistent data prior to the system reset; and

constructing a list of physical memory addresses
for locations in the memory which can be used to
store data during the recovery subsequent to the step
of constructing, wherein:

physical memory addresses for locations in
the memory at which the first set of fundamental
operating system data are stored are excluded
from the list; and

physical memory addresses for locations in
the memory at which the persistent data are
stored are excluded from the list.

11. A method as in Claim 10, wherein:

each location in the memory at which data is
stored is identified by a virtual memory address; and

the step of recovering fundamental operating
system data further comprises:

retaining, after the system reset, the
virtual memory address, existent before the
system reset, of each of the first set of
fundamental operating system data;

translating the virtual memory address of
each of the first set of fundamental operating
system data to a physical memory address using
translation data; and

storing each of the first set of
fundamental operating system data at a location
in the memory corresponding to the physical
memory address determined during the step of
translating.

12. A method as in Claim 11, wherein the step of
recovering the fundamental operating system data further
comprises marking each of the translation data to indicate
that locations in the memory that store the first set of
fundamental operating system data cannot be used to store
other data.

13. A method as in Claim 12, wherein the step of
constructing further comprises including all physical
memory addresses corresponding to locations in the memory
except physical memory addresses corresponding to the
marked translation data.

14. In a computer system including a microprocessor
and a memory storing persistent data, a method for
recovery contents of the memory, after a system reset, to
a state that allows user control of the operation of the
microprocessor, the method comprising the steps of:

prior to the system reset, marking locations in
the memory that store persistent data; and

after the system reset, recovering the
persistent data.

15. A method as in Claim 14, wherein:

each location in the memory at which data is
stored is identified by a virtual memory address;

the step of marking locations in the memory
further comprises associating a tag with the virtual
memory address corresponding to each location in the
memory at which persistent data is stored; and

the step of recovering persistent data further
comprises:

identifying virtual memory addresses that
have been tagged;

translating the tagged virtual memory
addresses to physical memory addresses using
translation data; and

recovering data stored at the locations in
the memory corresponding to the physical memory
addresses such that data cannot be stored,
subsequent to the step of recovering persistent
data, in the locations in the memory that store
persistent data.